PT-2026-22727 · WordPress · Ninja Forms+4
Nabil Irawan · Published 2026-03-03 · Updated 2026-03-03
CVE-2026-2568
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress versions up to and including 1.1.5
Description
The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping when handling form submission data. This allows unauthenticated attackers to inject malicious web scripts into pages. When a user accesses a page containing the injected script, the script will execute.
Recommendations
Update the WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress to a version later than 1.1.5.
Fix
XSS
Affected Products
Elementor
Formidable
Ninja Forms
Wp Zendesk For Contact Form 7
Wpforms